Abstract

A combinatorial design is a family of almost-disjoint sets, with applications in pseudorandom number generation and randomness extraction. The parameter $p$, which quantifies the overlap between the sets within the family, is directly related to the length of the random seed needed and to the efficiency of an extractor. Nisan and Wigderson proposed an explicit construction of designs in 1994. Later, in 2003, Hartman and Raz proved a bound of $p <$ for the Nisan-Wigderson construction. In this work, we prove a tighter bound of $p < e$ with a larger parameter range by slightly refining the Nisan-Wigderson construction. Following the block idea used by Raz, Reingold, and Vadhan, we present an explicit weak design with $p = 1$.
I. INTRODUCTION

Combinatorial designs play an important role in pseudorandom number generation and randomness extraction [2]. Nisan and Wigderson proposed a simple construction of designs (the Nisan-Wigderson design) for pseudorandom number generators, which Trevisan later applied to construct randomness extractors [2].

A combinatorial design is a family of subsets, drawn from a set, that all have the same size, $q$, and are almost disjoint. For a family of disjoint subsets, the size of the set, $l$, grows linearly with the number of subsets, $n$. Later, we will see that with a design, the size of the set grows only as $\mathrm{poly}(\log n)$.

One key parameter of a design, $p$, is used to quantify the overlap between subsets in the family. Generally speaking, the smaller $p$ is, the more disjoint the subsets are. This parameter is linked to the seed length and approximately indicates the ratio of randomness that can be extracted by Trevisan's extractor. In the application of extractors, $p$ is normally required to be close to 1. Furthermore, the size of the set, $l$, is linked to the initial randomness input (the seed) required for Trevisan's extractor. In general, the size ($l$) should be small compared to the number of subsets ($n$).

Hartman and Raz proved a bound of $p <$ ($e$ being Euler's number) for the Nisan-Wigderson design [4] when $n$ is a power of a prime power number $q$ (the subset size). By slightly refining the Nisan-Wigderson design, we give a better bound, $p < e$, for a wider range of $n$: whenever $n$ can be divided by the largest power of $q$ no greater than $n$. With the refined Nisan-Wigderson design, we also conjecture that $p < e$ is true for all $n < q^q$. Furthermore, we follow the block idea used by Raz, Reingold, and Vadhan to construct an explicit design with $p = 1$ and l = O(log^ n).

In Section II we review the definitions of combinatorial designs, the Nisan-Wigderson design and the Hartman-Raz bound. In Section III we refine the Nisan-Wigderson design and show a better bound on $p$. In Section IV we construct an explicit $p = 1$ design. We finally conclude with discussions in Section V.
II. PRELIMINARIES



A. Notations and Definitions 

Notations: $[l] = \{0, 1, 2, \ldots, l-1\}$; log is base 2; ln is the natural logarithm; and $e$ is the base of the natural logarithm (Euler's number).

Define a Galois (finite) field $GF(q) = [q]$, where $q = p^r$, $r$ is a positive integer, and $p$ is a prime. Here, we represent an element $j \in [q]$ by a $p$-ary string. Define $\mathcal{F}_q$ to be the ring of polynomials over the field $GF(q)$. For a polynomial $\phi(x) \in \mathcal{F}_q$, denote by $\lambda(\phi)$ its number of roots over $GF(q)$. For the sake of simplicity, we use $p = 2$ in the following. We remark that our results apply to the case of a general prime $p$ with minor modifications.

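Define $\mathcal{V}_d = \{\phi_1, \phi_2, \ldots\} \subset \mathcal{F}_q$ to be the set of all polynomials over $GF(q)$ with the highest order no greater than $d \in [q]$; hence, $|\mathcal{V}_d| = q^{d+1}$. We further divide the set $\mathcal{V}_d$ evenly into $q$ disjoint subsets, $\mathcal{N}_{d,j}$ with $j \in GF(q)$,

$$\mathcal{N}_{d,j} = \{\, j x^d + \phi(x) \mid \phi(x) \in \mathcal{V}_{d-1} \,\}. \tag{1}$$

That is, the coefficient of $x^d$ of each polynomial in $\mathcal{N}_{d,j}$ is $j$. It is not hard to see that

$$\mathcal{V}_d = \bigcup_{j=0}^{q-1} \mathcal{N}_{d,j}, \qquad \mathcal{N}_{d,0} = \mathcal{V}_{d-1}, \tag{2}$$

and hence for every $j \in [q]$,

$$|\mathcal{N}_{d,j}| = q^d. \tag{3}$$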
For a polynomial set $\mathcal{M}$, define the function

$$\Lambda(\mathcal{M}) = \sum_{\phi \in \mathcal{M}} 2^{\lambda(\phi)}. \tag{4}$$

In the summation on the right side, we assume that the number of roots of the trivial polynomial $\phi = 0$ is zero. That is, $\lambda(\phi) = 0$ for every constant function $\phi$.

B. Designs 

A combinatorial design is a family (collection) of nearly disjoint subsets of a set $[l]$. Here are the three definitions of designs used in the literature.
Definition II.1. (Standard design) A family of sets $S_0, S_1, \ldots, S_{n-1} \subset [l]$ is a standard $(n, q, l, p)$-design if

1. For all $i \in [n]$, $|S_i| = q$.

2. For all $i \neq j \in [n]$,

$$|S_i \cap S_j| \le \log p. \tag{5}$$

Definition II.2. (Weak design) A family of sets $S_0, S_1, \ldots, S_{n-1} \subset [l]$ is a weak $(n, q, l, p)$-design if

1. For all $i \in [n]$, $|S_i| = q$.

2. For all $i \in [n]$,

(6)

Definition II.3. (Modified weak design) A family of sets $S_0, S_1, \ldots, S_{n-1} \subset [l]$ is a modified weak $(n, q, l, p)$-design if

1. For all $i \in [n]$, $|S_i| = q$.

2. For all $i \in [n]$,

(7)



Definition II.1 was originally used in the Nisan-Wigderson construction [1], which is applied in the Trevisan extractor [2]. Then, Raz et al. showed that a weaker version of the design (Definition II.2) is sufficient for use in the Trevisan extractor [3]. Later, Hartman and Raz proved a bound on $p$ for the Nisan-Wigderson construction under a modified version of the weak design (Definition II.3).

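A design can be treated as an $l \times n$ binary (or $p$-ary) matrix whose $i$-th row represents the subset $S_{i-1}$; for example, with $n = 4$, $q = 2$, $l = 4$, the binary matrix

$$A = \begin{pmatrix} 1 & 0 & 1 & 0 \\ 0 & 1 & 0 & 1 \\ 1 & 0 & 0 & 1 \\ 0 & 1 & 1 & 0 \end{pmatrix}. \tag{8}$$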
Take $[l] = \{0, 1, 2, 3\}$; then the family of sets is $S_1 = \{0, 2\}$, $S_2 = \{1, 3\}$, $S_3 = \{0, 3\}$ and $S_4 = \{1, 2\}$. It is not hard to see that $p = 2$ for the standard design from Eq. (5), while $p = 5/4$ in the two weak design definitions from Eqs. (6) and (7).

As pointed out in the introduction, the objective of design construction is to minimize $l$ and $p$, given $q$ and $n$.

C. Nisan-Wigderson design 

Without loss of generality, let the size of the set (the length of the random seed in the application of Trevisan's extractor), $l$, be the square of a prime power number ($l = q^2$; if not, pick the smallest power of 2 which is greater than ). Consider $[l]$ to be a $q \times q$ two-dimensional array; then every element of $[l]$ can be represented as a pair of elements in $GF(q)$. The Nisan-Wigderson design is constructed as follows.

1. Find $n$ distinct polynomials $\{\phi_0(\cdot), \ldots, \phi_{n-1}(\cdot)\}$ on $GF(q)$ of degree at most $d$. This can be done as long as $n < q^{d+1}$ and $d \in [q]$.

2. The nearly disjoint sets are given by

$$S_i = \{\, \langle j, \phi_i(j) \rangle \mid j \in GF(q) \,\}, \tag{9}$$

where $\langle j, \phi_i(j) \rangle$ represents an element in $[l]$.

The following facts can be easily verified [1]:

1. The size of each set is exactly $q$: $|S_i| = q$ for every $i \in [q]$.

2. Any two sets intersect in at most $d$ points.

3. There are at least $q^{d+1}$ possible sets (the number of polynomials on $GF(q)$ of degree at most $d$).

In the original proposal of the Nisan-Wigderson design, the polynomials (with a degree at most $d$) are chosen in an arbitrary manner. A natural way to choose these polynomials is to go from low-order polynomials to higher ones, which results in the highest order of the polynomials being $d = \lceil \log n / \log q - 1 \rceil < \log n$. According to Definition II.1, it is straightforward to see that $p < \log n$, as shown by Nisan and Wigderson [1].
D. Hartman-Raz bound

Hartman and Raz proved that the Nisan-Wigderson design is an explicit modified weak

n

$(n, q, l, p)$-design with $l =$ and $p <$ in Theorem 1 of ref. [4]. We remark that Hartman and Raz's result is only proven for the case when $n$ is a power of $q$.

III. NEW BOUND 

Intuitively, the more sets the design has, the harder it is to make the sets disjoint. Thus, one might conjecture that the parameter $p$ grows with $n$. Mathematically, this is not necessarily true, because the overlap is normalized by $n$, as shown in Eq. (7). In fact, one can find counterexamples to this conjecture for the Nisan-Wigderson design. However, as we will prove in Lemmas III.5 and III.4, $p$ does grow when $n$ increases by a large scale. It is not too hard to show that for a full matrix (where $n = q^q$), $p = (1 + q^{-1})^q$ - {'^/qY $< e$ for the Nisan-Wigderson design. Therefore, we expect $p < e$ for all positive integers $n < q^q$ (see Conjecture III.8).

A. Refined Nisan-Wigderson design 

Here, we refine the Nisan-Wigderson design by choosing the $i$-th polynomial for Eq. (9) in the following manner:

$$\phi_i(x) = \sum_{k=0}^{d} \left( \lfloor i/q^k \rfloor \bmod q \right) x^k, \tag{10}$$

where $d = \lceil \log n / \log q - 1 \rceil$ (then, $q^d < n < q^{d+1}$) and the coefficients calculated by the modulo function ($\lfloor i/q^k \rfloor \bmod q$) can be treated as elements of $GF(q)$. These polynomials form a set $\mathcal{M}_n = \{\phi_0, \phi_1, \ldots, \phi_{n-1}\}$. Each polynomial $\phi_i$ in $\mathcal{M}_n$ corresponds to a set $S_i$ in the design in the form of Eq. (9). It is simple to verify the following facts.

1. The number of intersection elements $|S_i \cap S_j|$ equals the number of roots of $\phi_i = \phi_j$.

2. For any $i > j$, $\phi_i - \phi_j = \phi_{i-j}$ is also in $\mathcal{M}_n$.

3. We can see that there are no roots for $\phi_i - \phi_j$ (which is a constant function) when < < j < q; thus,

$$\Lambda(\mathcal{M}_q) = q. \tag{11}$$

4. Consider a set of polynomials that differ from each other only in the constant terms,

$$S_{q,k} = \{\, \phi_i \mid i = kq, kq + 1, \ldots, kq + q - 1 \,\}, \tag{12}$$

where $\phi_i$ is defined in Eq. (10). The sum of the numbers of roots of the polynomials in $S_{q,k}$ is $q$,

$$\sum_{\phi \in S_{q,k}} \lambda(\phi) = q, \tag{13}$$

for every integer $1 < k <$ . In fact, each element of $GF(q)$ appears as a root of one of the polynomials exactly once.

Proof. The set defined in Eq. (12) is equivalent to

$$S_{q,k} = \{\, \psi + j \mid j = 0, 1, \ldots, q - 1 \,\}, \tag{14}$$

where $\psi$ is an arbitrary non-constant polynomial in $GF(q)$. Since any two distinct polynomials in $S_{q,k}$ do not share the same roots, the summation $\sum_{\phi \in S_{q,k}} \lambda(\phi)$ is no larger than $q$, the total number of possible roots. On the other hand, for any element $h \in GF(q)$, one can find $j$ such that $\psi(h) + j = 0$; hence it is a root of one of the polynomials in $S_{q,k}$. Thus, the summation $\sum_{\phi \in S_{q,k}} \lambda(\phi)$ is no less than $q$, the size of $GF(q)$. □

5. By the definition of Eq. (1),

$$\mathcal{N}_{d,0} = \{\phi_0, \phi_1, \ldots, \phi_{q^d - 1}\} \subset \mathcal{M}_n. \tag{15}$$

Note that item 2 is the key property of our refined design, and it is generally not satisfied when polynomials are chosen in an arbitrary manner as in the original Nisan-Wigderson construction. According to items 1 and 2, the design requirement, Eq. (7), can be rewritten as

Now the question changes to how to find the roots of polynomials in $\mathcal{M}_n$.

Proposition III.1. For any two sets defined in Eq. (1), $\mathcal{N}_{d,i}$ and $\mathcal{N}_{d,j}$ with $ij \neq 0$ and $i, j \in GF(q)$, there exists a one-to-one map between them such that the two polynomials paired by the map have the same roots.

Proof. The map can be constructed by multiplying the second set by the scalar $i/j$, since $ij \neq 0$ and $i/j \in GF(q)$. □

We remark that the two polynomials have not only the same number of roots but also the same root values. According to the definition of $\Lambda(\cdot)$, Eq. (4), it is simple to see the following lemma.

Lemma III.2. The value of $\Lambda(\mathcal{N}_{d,j})$ is the same for all $j \neq 0 \in GF(q)$.

Proposition III.3. For every positive integer $d$,

$$\Lambda(\mathcal{N}_{d,0}) < \Lambda(\mathcal{N}_{d,1}). \tag{17}$$

Proof. From Lemma 4 of ref. jsl, we know that

m^,i) = WdAY.^~i'^)- (18) 



With Eq. ^ 



u, — J_ 

A(A/'d,o) = $^(g-l)A(A4,i) + l 

fc=0 

<fE(«-i)iA^»i + i)i:r(«) 

\A:=0 J 1=0 ^ ^ 



(19) 



= A(Ar,,i) 

where the inequality comes from Lemma III.4. □

Lemma III.4. Assume that $n$ is a power of $q$, $n = q^{d+1}$; then $p = \Lambda(\mathcal{M}_n)/n$, as defined in Eq. (7), is an increasing function of $d \in [q]$, with $\mathcal{M}_n$ constructed by Eq. (10).

Proof. This can be directly seen from Eq. (18). □

From Lemma III.2 and III.3, we can show that

Lemma III.5. Assume that $n$ can be divided by $q^d$; then $p = \Lambda(\mathcal{M}_n)/n$, as defined in Eq. (7), is an increasing function of $n \in (q^d, q^{d+1}]$, with $\mathcal{M}_n$ constructed by Eq. (10).

Proof. In fact,

$$\mathcal{M}_n = \bigcup_{j=0}^{n/q^d - 1} \mathcal{N}_{d,j} \tag{20}$$
j=0 
and $\{\mathcal{N}_{d,j}\}$ are disjoint sets, from which it follows that



n//-l 




q"- n n 



(21) 



n + q°- 




■A(A/'d,o) 



where the second equation comes from Lemma III.2 and the inequality comes from Eq. (17). □

Note that Lemma III.4 can be treated as a special case of Lemma III.5.

Lemma III.6. Assume that $n \in (q^d, q^{d+1}]$, $d \in [q]$, and $q^d$ divides $n$; then $p = \Lambda(\mathcal{M}_n)/n$, as defined in Eq. (7), is bounded by $p < (1 + q^{-1})^q < e$.

Proof. From Lemmas III.4 and III.5, we can see that

(22)

where the equality comes from Eq. (18) with $d = q - 1$. □

B. Main result

Theorem III.7. For a positive integer $n$ and a prime power number $q$, with $n \in (q^d, q^{d+1}]$, $d \in [q]$, and $q^d$ divides $n$, there exists an explicit modified weak $(n, q, l, p)$-design with $l = q^2$ and $p < (1 + q^{-1})^q < e$.

Proof. This follows directly from Lemma III.6. □

Compared to the previous result by Hartman and Raz [4], $p <$ , which applies only to the case $n = q^{d+1}$, here we present a better bound $p < e$ with a larger parameter range.

We conjecture that Eq. (22) is true for every positive integer $n < q^q$. That is, Theorem III.7 is true for an arbitrary $n$.

Conjecture III.8. For a prime power number $q$ and every positive integer $n < q^q$, there exists an explicit modified weak $(n, q, l, p)$-design with $l = q^2$ and $p < (1 + q^{-1})^q < e$.
IV. DESIGN CONSTRUCTION

In Theorem III.7, we show that the design constructed by Eq. (10) can be bounded by $p < e$. On the other hand, it is not hard to see that $p > 2$ for the refined Nisan-Wigderson design (as constructed by Eq. (10)) in a reasonable regime of $n$ and $q$, e.g., $q > 16$ and $n >$ . Thus, our bound in Theorem III.7 is relatively tight.

In the application of extractors, such as [3], the value of $p$ roughly indicates the ratio of randomness that can be extracted. Thus, we need to achieve a $p$ that is close to 1, and we have to go beyond the Nisan-Wigderson design. In order to reduce the parameter $p$, one can extend the size of the set, from $[l]$ to $[l']$. Raz et al. proposed a block design idea to reduce $p$ [3,4]. The basic idea is to break the set $[l']$ into $b$ blocks (smaller sets), each of which has a size of $l$ (hence, $l' = lb$). That is, the $i$-th subset is $\{il + 1, il + 2, \ldots, (i + 1)l\}$ with $i \in [b]$. Each design set is a subset of one of these subsets. Obviously, sets from different subsets are disjoint. Hartman and Raz show that with this technique (Lemma 17 of ref. [4]), $p$ can be reduced to 1 exponentially fast as the number of subsets grows. With this technique, we can reduce $p$ down to 1 with a finite number, $O(p \log(np))$, of blocks by digging into the details of the design constructed by Eq. (10).

Conjecture IV.1. Given the explicit modified weak $(n, q, l, p)$-design constructed by Eq. (10) with $l = q^2$ and $p > 1$, there exists an explicit weak $(n', q, l', 1)$-design with $n' = np$, $l' = q^2 b$, and

$$b = \frac{\log n + \log p - \log q}{\log p - \log(p - 1)} = O(\log n) \tag{23}$$

as the number of blocks.



Conjecture IV.1 is a corollary of Conjecture III.8. Here we give a proof assuming Conjecture III.8.

Proof. Denote the number of design sets taken from the $i$-th subset by $n_i$. We construct the design in such a way that

$$n_i = (1 - p^{-1})^i n, \qquad n_b = np - \sum_{i=0}^{b-1} n (1 - p^{-1})^i = np (1 - p^{-1})^b, \tag{24}$$
where the first equation holds for $i \in [b]$. It is not hard to verify that $\sum_{i=0}^{b} n_i = np$ and $n_b < q$ with Eq. (23). Thus, we can use disjoint sets, $\mathcal{M}_q$, for the last block, which has $p = 1$ according to Eq. (11). Now, we can verify the conditions in Definition II.2. Condition 1 is obviously satisfied. For a set $S_j$ in block $i \in [b]$,

$$\sum_{j' < j} 2^{|S_j \cap S_{j'}|} < \sum_{i'=0}^{i-1} n_{i'} + p n_i = np. \tag{25}$$

For the last block, $\sum_{j' < j} 2$ j. Thus, it is a weak $(n', q, l', 1 + 1/n')$-design. Since $\lfloor (1 + 1/n')(n' - 1) \rfloor = n' - 1$, it is also a weak $(n', q, l', 1)$-design. □



If we use the matrix representation of designs as shown in Eq. (8), then the new design matrix from a refined Nisan-Wigderson design matrix $A_0$ can be written as

Ai 

A2 



A 



6-1 



v 



(26) 



Ab I 



where all the off-diagonal blocks are 0. According to the block design idea presented in Conjecture IV.1, $A_i$ takes the first $n_i$ rows of $A_{i-1}$ for $i = \{1, 2, \ldots, b\}$, where $n_i$ is defined in Eq. (24).

We remark that one does not need to prove Conjecture III.8 in practice. In fact, as long as a design can be verified (say, numerically) to satisfy the design conditions, as given in Eq. (7), one can use Conjecture III.8. Note that we have numerically verified Conjecture III.8 for various values of $q$ and $n$.
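A numerical check of this kind, as an added example that is not the authors' code: it builds the refined design of Eqs. (9) and (10), measures the overlap of the resulting sets, and evaluates $\Lambda(\mathcal{M}_n)$ from Eq. (4) so the ratio can be compared with $(1 + q^{-1})^q$. It assumes $q$ is prime so that $GF(q)$ is arithmetic modulo $q$ (the paper works with $q = 2^r$), and it takes $\max_i \sum_{j<i} 2^{|S_i \cap S_j|}$ as the left-hand side of Eq. (7), whose body is not legible on this page; all function names are illustrative.

```python
import math

def refined_polys(n, q):
    """Eq. (10): coefficient k of phi_i is floor(i / q**k) mod q (the base-q
    digits of i); d is chosen so that q**d < n <= q**(d+1)."""
    d = 0
    while q ** (d + 1) < n:
        d += 1
    return d, [[(i // q ** k) % q for k in range(d + 1)] for i in range(n)]

def evaluate(coeffs, x, q):
    """Horner evaluation modulo q; Z_q is a field only for prime q (assumption)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc

def num_roots(coeffs, q):
    """lambda(phi): distinct roots in GF(q); constants count as 0 roots."""
    if not any(coeffs[1:]):
        return 0
    return sum(evaluate(coeffs, x, q) == 0 for x in range(q))

def big_lambda(polys, q):
    """Eq. (4): sum of 2**lambda(phi) over a set of polynomials."""
    return sum(2 ** num_roots(c, q) for c in polys)

def design_sets(polys, q):
    """Eq. (9): S_i = {<j, phi_i(j)>}; the pair <a, b> is stored as a*q + b."""
    return [frozenset(j * q + evaluate(c, j, q) for j in range(q)) for c in polys]

def overlap_sum(sets):
    """max over i of sum_{j<i} 2**|S_i & S_j| (assumed left side of Eq. (7))."""
    return max(sum(2 ** len(s & t) for t in sets[:i])
               for i, s in enumerate(sets) if i)

def check(q, n):
    """Return (d, largest pairwise intersection, overlap_sum, Lambda(M_n))."""
    d, polys = refined_polys(n, q)
    sets = design_sets(polys, q)
    if any(len(s) != q for s in sets):
        raise ValueError("every design set must have exactly q elements")
    widest = max(len(s & t) for i, s in enumerate(sets) for t in sets[:i])
    return d, widest, overlap_sum(sets), big_lambda(polys, q)

if __name__ == "__main__":
    family = [{0, 2}, {1, 3}, {0, 3}, {1, 2}]        # four-set family from Section II.B
    print("II.B family:", overlap_sum(family) / len(family))
    for q, n in [(3, 9), (5, 10), (5, 50), (7, 98)]:  # prime q, q**d divides n
        d, widest, worst, lam = check(q, n)
        print(q, n, d, widest, worst / n, lam / n, (1 + 1 / q) ** q, math.e)
```

When $q^d$ divides $n$, the measured overlap sum equals $\Lambda(\mathcal{M}_n) - 1$, the one missing unit being the zero polynomial, which Eq. (4) counts but no pair of distinct sets produces.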



V. DISCUSSIONS 

One interesting topic to investigate is to prove Conjecture III.8, which allows the number of subsets, $n \in [q^q]$, to be arbitrary. We remark that the observation shown in Eq. (13) might be useful for proving the conjecture. The main question is how the $q$ roots are distributed over the $q$ polynomials in the set. With this observation, one might expect that the inequality of Eq. (17) can be replaced by an approximate equality when $d$ is relatively large.
In the Nisan-Wigderson construction, $n$ is limited by $q^q$, which is not necessarily true for a general case. Let us extend the example of Eq. (8),

/l 1 o\
10 1
10 1
110
110
\0 1 1 /

(27)

One can easily verify that this design has $p < 2$ and $n = 6 > q^q = 4$. The key point is that one does not need to pick only one element from one block, as used in Eq. (9). In general, one might expect n = O((^)) or $l = O(\log n)$. If one can find such a design with a reasonable $p$, one can apply the block design idea as shown in Eq. (23) so that the seed length for the Trevisan extractor is O(log^ n).